Category Archives: Fraud & Forensics

Tax refund fraud has become a growing concern for taxpayers, state and local governments, and the federal government. Tax departments are implementing strategies to prevent and detect for the 2015 tax season.

The Ohio Department of Taxation (ODT) is implementing additional safeguards this tax season that will delay state tax refunds. The ODT is anticipating an increase in identity theft directly affecting tax fraud.

Last year, ODT stopped an unprecedented number of fraudulent income tax returns seeking to steal refunds totaling more than $250 million. In previous years, attempted tax fraud averaged roughly $10 million.

In order for the ODT to detect refund fraud due to identity theft, an additional up-front filter will now be applied to all tax refund requests to examine the demographic information reported on a return. This examination will then assign a “probability of fraud” factor that will determine how the return is then further processed by ODT.

If a return is pulled for review, ODT’s additional security measures will require some taxpayers to successfully complete an Identification Confirmation Quiz before the return will continue to be processed. If a taxpayer’s return is selected for identity confirmation they will receive a letter from ODT directing them to http://www.tax.ohio.gov. This will provide access to the quiz and detailed instructions on how to complete it. Taxpayers without access to the Internet will be directed to call ODT at 1-855-855-7579.

Processing of returns for refunds will be delayed due to these additional screening and security measures. According to the ODT, electronic returns requesting a refund may take up to 15 days to be direct deposited and paper returns could take up to 30 days for a physical check to be mailed out.

Not only is the ODT taking aggressive action on identity theft and tax fraud but so is the Internal Revenue Service (IRS). For 2015, the IRS is introducing new procedures which will address some of the issues. Effective 2015 tax season, the IRS is limiting the number of refunds directly deposited into a single financial account or onto a prepaid debit card. Therefore, any of the subsequent refunds will be issued by paper check and mailed to the taxpayer. Exceptions will not be made.
Visit the Taxpayer’s Guide to Identity Theft for helpful tips to protect yourself from identity theft or fraud.

Most businesses have insurance policies that cover their employees, but is it enough? Does your business have employee dishonesty insurance? This insurance protects the employer from financial loss due to the fraudulent activities of an employee or group of employees. The loss can be the result of the employee’s theft of money, securities (which includes checks) or other property of the insured. Of course, policy coverage may differ between insurance companies. The employer, the named insured on the policy, is the main entity insured. The “who” of coverage may also include all current or former employees, partners, members, directors, volunteers, trustees, seasonal employees and temporary workers at your direction or control. Employee dishonesty coverage is really a fidelity bond. The normal form of coverage is
a blanket policy which will cover fraud committed by any employee.

If the company has access to other customer’s money, securities or property, the policy can be endorsed to include third party coverage. With the third party endorsement coverage is extended to a customer or client with whom you are under contract to perform services. As an example, employees often have access to patients credit card numbers. Does your insurance cover you if an employee steals that credit card information and uses it? Employee dishonesty coverage can typically be added to another insurance policy, such as the property or the fiduciary liability policy. The coverage may be extended to include forgery or alteration, funds transfer fraud, computer fraud, credit card fraud, money order and counterfeit fraud.

With fraud and identity theft at an all-time high, you may want to review your policies and make sure you are covered!

What to do if you get a call or email from someone claiming to be the IRS?

The IRS has seen a recent increase in local phone scams and phishing across the country. (Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate to lure in potential victims and prompt them to provide valuable personal and financial information).

These scams include many variations including callers saying that their victims owe money or are entitled to a huge refund.

Characteristics of these scams can include:

Scammers use fake names and IRS badge numbers. Generally common names and surnames are used to identify themselves.

Scammers may be able to recite the last four digits of a victim’s Social Security Number.

Scammers “spoof” or imitate the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.

Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.

Victims hear background noise of other calls being conducted to mimic a call site.

If you get a phone call from someone claiming to be from the IRS, here’s what you should do: If you know you owe taxes or you think you might owe taxes, call the IRS at 800-829-1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.

If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above) then call and report the incident to the Treasury Inspector General for Tax Administration at 800-366-4484.

If you’ve been targeted by these scams, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” on their website. Please add “IRS Telephone Scam” to the comments of your complaint.

If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov.

It is important to keep in mind the IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS has information online that can help you protect yourself from email scams.

Recent reports of identity theft related to tax filings have been reported by local dentists. We would like to take a moment to remind you that the IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN. However, the IRS does NOT contact taxpayers by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.

If someone uses your SSN to file for a tax refund before you do, the IRS might think you already filed and got your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.

If you think someone has used your SSN for a tax refund or the IRS sends you a notice or letter indicating a problem —contact the IRS Identity protection unit immediately, 1-800-908-4490. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future. Make sure you take the following steps to minimize the effectss

1. Complete IRS Form 14039, Identity Theft Affidavit, and attach it to a paper-filed tax return to the IRS with a letter of explanation. You will also need to include with the Form 14039 the following:

A clear and legible photocopy of your identification – a passport, driver’s license, social security card, or other US Federal/State government issued identification.

Telephone # to best reach you (home, work, cell) and a best time to call

2. Contact the Federal Trade Commission to report the identity theft atwww.consumer.gov/idtheft, or call the hotline at 877-438-4338.

6. Consider filing a police report, but without a lot of information, the local police often won’t file a report.

Once the IRS receives the Identity Theft Affidavit they will begin their investigation. Please be aware there are significant processing delays with this unit. You must allow 204 days (6-8 months) for their investigation. There are over 1 million cases, so it is a long process! If no information has been provided after 204 days, then we suggest calling the specialized unit at 1-800-908-4490.

With so many fraud cases in the spotlight recently it’s hard to figure out how to protect yourself. There have been many cases of credit card fraud, employee embezzlement, money laundering and so much more. With companies losing astronomical sums to fraud every year this begs the question: what steps are being taken to prevent fraud in the future and learn from past mistakes?

Top in the news lately is the recent identity theft at Target. It has not yet been released exactly how this theft occurred but, generally, thieves are able to hack into a company’s databases and steal the information transmitted from a credit card’s metal strip when swiped on a card reader. Because of this, millions and millions of people are put on alert every year that their credit and debit card accounts have been compromised.

Another large fraud area is financial statement fraud; the examples that people first relate to are usually Enron and WorldCom. This fraud is often hard to detect because it is usually perpetrated by the company’s’ executives in an effort to report a better financial position than actually exists. This type of fraud is usually meant to deceive stockholders, owners, investors, banks, etc.

Small-scale fraud is most typically dealt with in companies. For instance, maybe “borrowing” $100 out of the petty cash drawer and paying it back on pay-day. Or maybe even forging an invoice so that the employee can collect the extra payment. There are several different ways that employees can embezzle money from their employers and thieves are getting more and more creative. Small-scale fraud like this is most often caught by the employer themselves so managers and supervisors need to be vigilant in taking note of this happening and ensuring that a swift punishment is delivered.

What steps are in place to avoid these frauds happening in the future? Credit card information theft is on a steep decline in Europe. Why? Because they have shied away from using metals strips in credit and debit cards and have, instead, an electronic chip embedded into them. The current stripe technology used in the United States is outdated; it remits the same information at the point of sale every time the card is swiped. The chip is state of the art and every time the card is swiped information is encrypted and as a result the information remitted is constantly changing. Fear not, chip technology is coming! The US will soon be adopting the chip technology and has a 2015 implementation deadline.

As a result of the large financial statement frauds committed in the past, financial reporting is much more regulated. Transparency is the name of the game and auditors are now required to do much further testing and disclose much more than they were pre-Enron.

Simple checks and balances and a segregation of duties is the most effective way of preventing and detecting small-scale fraud. Think about it, it’s much easier form someone to steal money from a company if they process invoices, approval invoices, and write checks vs. a different people being responsible for each job. In some companies it may not make financial sense to separate these positions (the company may be too small) so companies should do a cost/benefit analysis to determine their best practices.

Our firm also offers a FREE service to our clients called End Fraud Now. This service provides an anonymous and confidential way for employees and other business partners to report internal theft, bribery, harassment, and other illegal activities that could cause a loss to your company or subject it to legal exposure. Check out the website today!

The moral of the story is that fraud is out there and everyone needs to not only be aware of it but actively preventing it. The government is stepping in and putting safeguards in place but that doesn’t mean that businesses shouldn’t be doing things independent of this. Putting a small amount of internal controls in place will save a company future time, energy, and money.

Just type in the words “cyber security” as an internet search and the volume of current news stories is painfully obvious. With the holidays coming to a close and online sales up between 10-15% compared prior years, cyber security is an issue that is truly at the forefront for many businesses. A recent article from USA Today says that 3 out of 4 companies that were attacked in 2012 were organizations with 100 or fewer employees.

It seems as though every day another security breach makes the news. Many well-known companies such as Apple, Facebook, and The New York Times, even federal government agencies have been in the headlines as victims to cyber crimes this year. More recently, Target announced that the debit and credit card information of 40 MILLION shoppers had been stolen in a three week period. Should we just go back to using cash?

This is such a significant topic for business owners and consumers alike because business today is conducted online. If you don’t have an online presence as a business owner, you are living in the stone age. As a consumer, your shopping habits could be labeled as “antiquated” if you don’t conduct even a small portion of your shopping online.

As a business owner, you are responsible for protecting your employee’s, your customer’s and your own financial and sensitive business information. As a consumer, you can take small measures to ensure your security. Here are a few of the most basic rules every business and individual can and should be following to help protect confidential information:

• Don’t respond to popup windows telling you to download anything
• Don’t allow websites to install software on your device
• Don’t reply to unsolicited emails
• Use screen locks, log off the system when not in use, and shut off your computer at the end of the day
• Ensure that your computer hardware and software are updated regularly on all devices
• Control physical access to computers and networks
• Make certain that Wi-Fi networks are secure
• Change passwords regularly and use firewalls to protect your systems
• Back up your data on a regular basis so that if anything is compromised, you have a copy.
• Make sure that employees have and know the rules about cyber security and safe social media practices

Don’t assume that your business cannot be targeted because it is too small, and on individual terms, don’t assume that your information cannot be obtained because you “don’t shop online that much”. Be prepared!

While the new movie Identity Thief portrays a story of humor, it also emphasizes just how serious a problem this has become. Many of us have been victims of identity theft on a small scale, unfortunately, some on a larger scale. The scam seems pretty obvious- employee information is stolen or sold to the perpetrator, and they file the return claiming a refund earlier than the “actual” person. How easy is that? When the “actual” person files their return they are then assumed to have filed the illegal or incorrect return because a refund has already been issued using their social security number and wage information.

It is nearly impossible to untangle any type of problem with the IRS, let alone trying to get your money back when they already paid it to someone else and they say that you do not exist. It is interesting that the article references the many filters that the Internal Revenue Service has for returns that are filed to prohibit something like this from happening. However, they also say that there was “a single address that was used to file 2,137 tax returns for $3.3 million in refunds.” REALLY? What kind of filters are they using at the IRS to miss that one? OR “590 tax refunds totaling more than $900,000 were deposited into a single bank account.”

These seem like easy catches. How could the same bank account be used for almost 600 refund checks? With technology as sophisticated as it is, a refund issued to a duplicate bank account should be an easy one to catch and stop immediately. The key here is to stop it before it gets to the IRS. How can we as your tax preparer help keep it from getting that far?

Rest assured that we take every step to protect your vital information such as:

Shredding all papers, nothing goes in the garbage can

Utilizing encryption procedures, especially when sending client information to a third parties like bankers or attorneys

Constant communication with clients about phishing schemes that we become aware of.

Mandatory use of anti-virus and security software on all firm computers

Stressing to clients that the IRS does not initiate contact with taxpayers by email to request personal or financial information.

We will do our part, but you also have to help protect your personal information with the normal safeguards. Don’t be one a victim of identity theft- whether on a small or grand scale- it can take countless hours of your time and dollars paid to professionals to reclaim who you are.